Mac malware creators are adopting Windows malware camouflage trickery in a bid to trick users into running their malicious creations.
Boobytrapped PDF files have long been a problem for Windows users. The OSX/Revir-B Trojan reapplies this approach towards Mac fans, who may be less familiar with the ruse.
The malware payload is …

"the malware fails to execute"

OK, so it tricks the user into running it, pretends to show a document and then tries (and fails) to install a back door... What do you call this, other than a steaming pile of fail???

Linux because a) I use it and b) because it wouldn't suffer from such a vulnerability (executables downloaded from the internet have to be marked as executable by the user; any attempt to run it otherwise warns the user that it is in fact a program, and refuses to run)

I still believe

"over major swaths of linux"

Well on my OpenSuse installations neither Firefox nor Thunderbird will allow executables to run by just clicking, and even if you save the file it's set as non-executable, so you really have to have a death wish to run an unknown binary. It doesn't matter at all what the extension is.

It is possible to have FF etc. set to run interpreted files if you really, really want to.

"executable bits and such won't apply to an Adobe vulnerability"

I presume that when you try to open this 'PDF' the Mac will put up the standard 'this is a program you have downloaded from the internet - you are about to run it for the first time - are you sure you want to run it?' alert.

I've run into similar before on Mac...

And what happens is that before it runs, MacOS detects the application and puts up its standard warning of "[xxxx] is an application that was downloaded from the Internet. Are you sure you want to run it?" Easy way out? Click "no".

I still prefer the Linux way. The user has to deliberately mark the file as executable, and instead of giving you the option in a dialogue box, you have to go into the properties section of the file to set it to execute. People click yes without thinking; this gives the user more time for thought.

Yes, but...

Another reason the lay computer user can't/won't use Linux. If they download their lovely Chrome installer, how are they going to know they have to go into the properties and mark the file as executable? Perhaps have a helping info page "You're running Linux! Let me show you how you can run this program. Oh, you're running XFCE? Here's the instructions. Oh, Gnome, here's the OTHER instructions. Unity? Bah, open a terminal window (if you know how, or hit ctrl+alt+F2), and do a chmod u+x on the file (if you know where it is, likely somewhere in your ~ folder), then open it."

More secure? Sure. It just saves people from themselves because it doesn't hold their hand while walking them into an oncoming train.... But only 25% of /actual computer users/ would even be able to use it to a decent degree.

I do give Apple credit at making a *nix box that is at least usable by the masses. I just don't like their "culture."

True

re: Yes, but...

"Another reason the lay computer user can't/won't use Linux. If they download their lovely Chrome installer, how are they going to know they have to go into the properties and mark the file as executable? Perhaps have a helping info page 'You're running Linux! Let me show you how you can run this program. Oh, you're running XFCE? Here's the instructions. Oh, Gnome, here's the OTHER instructions. Unity? Bah, open a terminal window (if you know how, or hit ctrl+alt+F2), and do a chmod u+x on the file (if you know where it is, likely somewhere in your ~ folder), then open it.'"

We're strictly a Mac house here, but when reinstalling a proper licensed copy of Photoshop on my wife's MacBook after she had the hard drive restored, I got pissed off at Adobe's Internet-based product activation bullshit -- I was able to work around it, but it still pissed me off -- and downloaded a copy of Gimp for her to use instead. However, I'd forgotten that being originally a Linux app, it needed to run in an emulated environment (X10) on the Mac. So, a little while later, the wife calls me downstairs, all flustered, asking me "What's this 'X10' thing that starts up every time I go to use Gimp?" After a moment's pondering, I remember what the deal is with X10, and comment "Gimp is open-source, originally for Linux, so it needs to be sandboxed; that's why it needs to run inside X10." My wife's head damn' near exploded when I said that. "Sandboxed? What the hell are you... shit, give me my Photoshop back!"

So, yeah, you do make a point about Linux being more secure, not to mention having all sorts of other awesomeness, but, still... it's not quite ready for my wife, who, unlike me, doesn't enjoy checking out weird apps or mucking about under the hood of her OS or self-educating about computers and networks at all, and just wants her computer to run so she can get her goddamn' work done.

As far as "Apple culture" goes... yeah, I'm down with you on that. I've been using Macs since '85, because of the way they simplified everything I could do with a computer, and made my work -- graphic design and illustration -- much less a pain in the ass than it was when I first started out with cold type galleys, hot wax, Rapidographs and razor blades... but even back in the day, I had to deal with that effete yuppie snob attitude that oozed so heavily out of so many Mac users that at user group meetings, I always wound up hanging out with all the old Apple II geeks.

Nuclear blast icon, to illustrate what my wife's head did when I tried to explain "sandboxing" and "emulation" to her.

Oh the humanity.

Uncommon on Linux

Of course, on most (all?) Linux distros you don't tend to download executables via a web browser. The vast majority of software is installed via the fairly secure apt-get mechanism (or equivalent), in a similar manner to the walled-garden app stores now becoming so popular elsewhere. So actually most new users are very unlikely to end up having problems not being able to run stuff they've just downloaded via a web browser, because they simply don't need to in the first place.

Ivan Idea

No execution allowed by the GUI shell of anything under a user directory unless it's under ~/bin or ~/Applications or "~/Program Files" (stupid name with space).

"Open" and "run" are too close to each other in concept in a GUI. Download a pdf, click, yes of course I want it open...

Better to bring up either an associated application or an "open-with..." dialogue if it is outside one of these directories. This only needs to apply to files under a user directory. So, to execute something you have to move it to your local executables directory first.

Oh yes, and *always* display the full file name. Doesn't even Windows have Read and Execute permissions these days? It's time to ditch DOS.
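Added here as an example (not the article's, nor any commenter's) of the check the replies above keep circling around: look at a downloaded file's first bytes instead of its name, and report whether the execute bit is set, so a "PDF" that is really a Mach-O or ELF program is flagged before anyone double-clicks it. The type labels and the list of "document-looking" extensions are my own assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the article or any commenter.
# Classify a file by its magic bytes and compare that with its extension.

# Print a content type derived from the first four bytes of the file.
file_kind() {
    # hex of the first 4 bytes, e.g. "25504446" for "%PDF"
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        25504446) echo pdf ;;                                  # "%PDF"
        7f454c46) echo elf ;;                                  # ELF (Linux program)
        feedface|feedfacf|cefaedfe|cffaedfe) echo macho ;;     # Mach-O (Mac program)
        cafebabe) echo macho-fat ;;                            # Mach-O universal binary
        4d5a????) echo pe ;;                                   # "MZ" (Windows program)
        *) echo unknown ;;
    esac
}

# Print a verdict for one file and return 1 if it is a disguised program.
verdict() {
    f=$1
    kind=$(file_kind "$f")
    ext=$(printf '%s' "$f" | sed -n 's/.*\.\([A-Za-z0-9]*\)$/\1/p' | tr 'A-Z' 'a-z')
    case "$kind" in
        elf|macho|macho-fat|pe) is_program=1 ;;
        *) is_program=0 ;;
    esac
    case "$ext" in
        pdf|doc|docx|txt|jpg|png) looks_like_doc=1 ;;   # assumed "document" extensions
        *) looks_like_doc=0 ;;
    esac
    if [ -x "$f" ]; then xbit=1; else xbit=0; fi
    if [ "$is_program" -eq 1 ] && [ "$looks_like_doc" -eq 1 ]; then
        if [ "$xbit" -eq 1 ]; then
            echo "disguised program, execute bit set"
        else
            echo "disguised program, no execute bit"
        fi
        return 1
    fi
    echo "consistent ($kind)"
    return 0
}

# Usage: check_download.sh FILE... (prints one verdict per file)
if [ $# -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(verdict "$f")"; done
fi
```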

Luckily for me...

...I read the Reg regularly, and am up on all the malware social-engineering and other shams, having first seen them pulled on Windows users. Also, I've been using Macs almost exclusively since 1985, and can remember when the first viruses were spotted in the wild -- running on MacOS. So, this shit ain't exactly big news to me.

time to wake up

For years Mac users have been smug with the knowledge that their chosen platform doesn't suffer the problems their fellow Microsoft cousins have.

But this has all changed, they now have to face reality and accept that there's malware that could possibly, maybe, at best target their system, but provided only that they were stupid enough and if the malware had been written properly.

In my experience Mac users are dumb enough to the point it amazes me they even know how to turn them on. For example that 'Mac Defender' thing that went around. Don't you think if Apple had released some new software, particularly something like security software they would have made a big deal to make sure they got max sales out of it? It would make sense as security is a big thing these days.

I have a friend who works on Apple's tech support in Newcastle and he said that the amount of calls they got from people about that was unreal. People actually thought Apple was responsible and actually expected Apple to compensate them for THEIR stupid mistake.